Having the Smartphone “Talk” With Your Kids

Download the Mobile Security and Privacy Family Survey

Our team at NQ Mobile, along with the National Cyber Security Alliance (NCSA), just released findings from our recent consumer survey, which asked parents some important questions about how they view their children’s mobile privacy and security. Our findings were surprising and confirmed what we’ve known for a long time: If parents give their kids mobile devices, they need to have “the talk” with their kids about how to protect those devices and themselves. Check out our infographic below for an overview of some of our findings or view the entire study.

Mobile Threat Alert: GeoFeeBot Could Raise Your Mobile Bill

If you use an Android-based smartphones, please be aware of new malware that could increase your phone bill–GeoFeeBot.  NQ Mobile has just discovered a new and highly sophisticated mobile malware threat that uses GPS to track your location and then automatically sends SMS messages to raise your fees. Unfortunately, it also blocks confirmation messages from your service provider so you don’t know about the fees until you actually get your phone bill. All the malicious activities take place stealthily without your knowledge or consent.

This malware, called GeoFeeBot, is embedded in legitimate applications, making it harder to detect. Fortunately, you can protect yourself from GeoFeeBot and other types of malware if you follow a few simple steps:

  1. Only download apps from reputable app stores that you trust. When in doubt, check reviews and ratings, as well as developer information, before your download them.
  2. Check the permissions on all apps before you install them to ensure you’re comfortable with the data they’ll be accessing.
  3.  Look out for any unusual behavior on your mobile phones.
  4. Make sure you have up-to-date security software installed on your smartphone. Simply downloading a product like NQ Mobile Security will prevent malware like GeoFeeBot from even getting to your smartphone.

Want more details? For more information on GeoFeeBot and how it works, visit our Security Research Blog.

Mobile World Congress–We’re Impressed!

A crowd of 60,000 people gathered in Barcelona this week for Mobile World Congress 2012, one of the biggest mobile tech events in the world. As we enter Day 3 of this fantastic event, we can’t hide our enthusiasm over some of the new, cool features the mobile industry is unveiling.

It’s safe to say that smartphones are becoming super phones and it’s easy to see why. The average users make fewer phone calls, focusing instead on posting on Facebook and Twitter and sending text messages. They’re checking their bank balances, depositing checks, buying coffee, and reading restaurant reviews—so who really has time for making calls?

The good news is that, while the latest phones do promote phone calls, the features offered by Android 4.0, LTE, 4G, and quad-core took mobile devices to a whole new level. Here are just a couple of the phones that caught our attention this week:

HTC One X: With a Tegra 3 quad-core processor, four 1.5GHz main cores and a secondary core for low-power tasks, as well as a 4.7-inch Super LCD display with 1280 x 720 pixels for full HD resolution, it’s pretty spectacular. Its 8-megapixel camera can take a picture once every 0.7 seconds. So ask your buddy to jump up and down—you’ll capture his every move. Look out for this phone in April—it’ll be supported by AT&T’s LTE 4G network.

Samsung Galaxy Beam: This Android phone takes the projector phone one step further. Its pico projector can shine a 50-inch, 720p picture on any flat surface. Its LED projection unit lets you play back movies and games, tap the screen, and have the output projected onto a surface of up to 50 inches. We loved the alarm clock feature. You can wake up to images of nature (or whatever you’re into) on your ceiling. Pretty cool!

We didn’t see a lot of smartphones running on Microsoft’s Windows Phone platform. But we’ll keep you posted if we do. In the meantime, follow us on Twitter and join us on Facebook for more updates on MWC and everything mobile. And if you’re in Barcelona, stop by the Brightstar Pavilion. There’s a lot going on there that we’re sure you’ll find interesting.

Steer Clear of Drive-By Downloads

“Drive-by” is an expression popularized over the last two decades by vicious attacks among gang members. It connotes a strike that’s unexpected, stealthy and sometimes, deadly. As harsh as the term might seem, it’s probably appropriate for the type of malware that can launch a malicious raid on our mobile devices, without the slightest warning.

A drive-by download is, obviously, one that occurs without our permission or knowledge. The way we surf through our smartphones, checking email, looking at various websites and text messages, can be compared to a carefree drive through the country.  Drive-by malware, riding along in everything from websites to text messages, is always cloaked in an innocent-looking link, and can be activated either automatically with the click on a URL, or by following directions that lead us to download the stuff ourselves.

One popular method persuades users to infect their own phones by displaying a warning message that the device’s security has been breached, or that some kind of security threat is looming. The message urges us to click on the provided link in order to scan and fix the dastardly condition. In a moment of concern, we may follow this advice. When we do, noxious code is released into our mobile device. This type of malware is often designed to accept orders from a remote server, which instructs it to gather our data and return it, or spread itself to everyone on our contact lists. Drive-bys are also used to launch botnets or otherwise take control over the device.

Another form of drive-by downloads involves fraudulent advertising. Clicking on an infected ad might produce a screen that urges you to submit your credit card information to purchase a product, which most often pretends to be a new and improved anti-virus software.

Naturally, the most damaging and surreptitious of these are the ones that require nothing but a click on an infected URL. What can you do to avoid clicking on a poisoned link?

First, don’t click on anything uninvited, including ads or offers for scans or free software. If there’s a product you’re truly interested in owning, do some research first and order it from a trusted vendor.  Most importantly, download a legitimate, trusted security product that can detect and stop this activity before it infects your phone. It only takes a minute, and it can protect you from loss of sleep and money with one easy download. Visit NQ Mobile and download one of the world’s most highly rated and respected security package so you can surf your phone without a care.

Mobile Malware – What Can We Expect?

 Download the entire 2011 NQ Mobile Security Report 

Based on their security study findings from 2011, our researchers were able to deduce certain probabilities regarding the future of mobile malware. With approximately 700,000 Android activations taking place each day, it’s safe to say that the growth of Android malware won’t be slowing down any time soon. There are three “hotbeds” for mobile malware that we expect to be dealing with in 2012:


In this type of malware, legitimate mobile applications are being dismantled, embedded with malware, re-assembled and repackaged to look like the originals, launching their payload when the app is activated.

SMS Fraud

Cyber thieves use the phone’s SMS system to send surreptitious text messages to premium call numbers, with charges applied to the phone’s owner. This kind of fraud also gathers contact information for use in phishing and identity theft scams.


Only now starting to surface in the mobile world, botnets override security safeguards to allow hackers to take total control of the device.  Botnets can also spread by sending copies of themselves to other devices via text and email.

Although these specific forms of malware have been seen in the past, the likelihood of their growth this is obvious.  There are thousands of software engineers graduating from college every year, and a global unemployment rate that breaks all records. People will do what they need to do to survive, and this will certainly continue to be the case for malware authors.  In fact, we have not yet seen all the new and sophisticated versions of the three examples of “hotbed” malware, but we can safely predict that they will fall into three general categories.

Financial Penetration

Smartphones have created a simple, convenient way to conduct our monetary transactions, including banking and bill paying, as well as shopping online.  Because the primary intent of malware is financial gain, our researchers expect that malware such as SMS scams, mobile botnets and personal data collection will increase in popularity. Some forms of malware that matured in 2011 will are likely to evolve even more fully in 2012.

Rootkit Control

Our researchers expect mobile rootkits to emerge in a major way in 2012. Installing a rootkit requires either physical access to a phone, or tricking users into installing the malware themselves. Successful installation of a rootkit allows thieves to remotely control the phone and steal private data, undetected.


Since we are familiar with clicking on ads to download all kinds of applications, “malvertising” is probably going to surface more often than it has in the past.  A malware author can simply purchase a mobile ad which, when clicked, launches malware into the device and routes the user to a malicious website. 

This could be a rather dismal peek into the future, but there is a definitive silver lining. One positive is the fact that we know even more about malware than we did last year, thanks to research by experts like our security team. Consider our team’s few simple tips for protecting our mobile devices:

  • Be cautious when downloading new apps or clicking on URLs, and use only trusted purveyors for your app purchases.
  • Make protection of your device a priority in your life, just as you would with a PC
  • Regularly download the latest updates and security patches available for your device.
  • Disable geo-tagging features if you’re not using them.
  • Don’t make major purchases or conduct financial transactions at public Wi-Fi hotspots.

We can rest assured that companies like NQ Mobile are working day and night to identify and prepare solutions for new and innovative forms of malware. What’s more, the results of that research are available to us at any time. Downloading powerful protection, such as NQ Mobile Security, will apprehend and resolve threats before they are able to reach our phones.

Read our press release about the NQ Mobile 2011 Security Report.

2011 NQ Mobile Security Report: Malware Evolves

 Download the entire 2011 NQ Mobile Security Report 

NQ Mobile’s 2011 Security Report delves into some fascinating facts about the nature of malware, as well as last year’s colossal growth spurt in the mobile realm.  Mobile threats that showed the strongest capabilities were those that escalate privileges in a system, incur financial charges for the owner, take control of infected devices and steal private data from a device. Many forms of mobile malware are simply modified versions of the same malicious rubbish that once plagued the world of PCs, but malware inventors, just like smartphones, are becoming smarter all the time.

Our security experts explain that malware evolves within specific families.  Examples of some of the larger families are the PJapps, with several hundred configurations, and DroidKungFu, with more than 1,000 varied threats, all designed to bypass anti-virus software. Other large families have divided off into separate families, each borrowing infection methods from the other.

NQ’s research found that approximately 80% of Android malware comes in the form of repackaged apps. This method, sometimes referred to as “piggybacking,” involves the use of legitimate apps, mostly games, utilities or pornographic products.  Malware authors disassemble the app, add a malicious payload, and repackage it with a seemingly benign name, such as com.google.ssearch, used by DroidKungFu.  The malicious code is often encapsulated within the legitimate code, making it harder to detect.  When the malware is cloaked this way, the user is encouraged to activate an “update,” which will release the malware into the system.  The stealth built into this kind of system is becoming more sophisticated, as malware creators study new ways to avoid detection by security software.

Other sly forms of mobile malware, such as Spitmo, ZitMo and GGTracker, got their start with PC malware, like Zeus and SpyEye.  These vile infections invite users to download apps or click on ads, and then redirect them to a site that remotely collects their private information.  Another method automatically triggers the device to begin making calls in the background to premium numbers, at a substantial cost to the phone owner.  The designers of this type of malware work very hard to replicate the logos and interfaces of legitimate sites in order to gain password and account information, as well as to send text messages to contacts stored on the device.

Malware functionality becomes more complex as our researchers analyzed botnets, which take over and control an infected device, and SMS fraud, which dials and sends costly SMS messages without being detected.  Then, there are rootkits, designed to take command of the very heart of a mobile system. NQ found that rootkits are now being encrypted before they’re deployed, making them even harder to detect. In fact, our researchers note that one third of the malware dataset they analyzed contained some kind of root exploit. Adware, which has raised eyebrows recently with the Counterclank dispute, uses aggressive advertising methods to harvest private data from unsuspecting smartphone users.

This is a lot of alarming info when it’s all gathered together. The good news is that we know a lot about malware, and thousands of instances are being detected and blocked each day. Educating ourselves about mobile threats may be the best first best step toward eradicating them. The next step is pro-actively protecting our private data. NQ Mobile boasts more than 120 million users that are part of our cloud-based intelligence network, resulting in the largest and most sophisticated mobile threat detection and monitoring database in the world. The download is free. The security is invaluable.

Read all about NQ Mobile’s 2011 Security Report in this week’s press release.